We, Togg Europe GmbH, Schelmenwasenstr. 34, 70567 Stuttgart (hereinafter referred to as "Togg"), hereby provide information about how we process personal data on this website.
You can contact our data protection officer via email to:
volker.wodianka@privacy-legal.de
Below, we have compiled the most important information about the typical data processing on our website for you. For certain types of data processing that only affect specific groups, the information obligations are fulfilled separately.
Wherever the term "data" is used in the text, it refers exclusively to personal data within the meaning of the GDPR.
1. Use of the website
2. Contact
3. Marketing communication
4. Job Application
5. Participation in projects and events
6. Visiting our social media profiles
7. Rights of data subjects and further information
1. Use of the website1.1 Server log dataWhen you use the website, certain information is sent to our website server by the browser used on your device for technical reasons. This data is stored and processed on our server.
(i) We process the following data for the purpose of providing the content of the website that has been accessed, ensuring the security of the IT infrastructure used, troubleshooting, enabling and simplifying searches on the websites, and managing cookies. A change of purpose is not planned.
(ii) The data processed is HTTP data: HTTP data is protocol data that is generated for technical reasons when you access websites via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes your IP address, the type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access. HTTP(S) data is also collected on servers of service providers (e.g. when accessing third-party content).
(iii) The legal basis for processing is our legitimate interest in the technical operation of a website (Art. 6 (1)(f) GDPR, Section 25 para. 2 no. 2 TDDDG).
(iv) The data is automatically provided by the browser of the data subject.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) IP addresses are anonymised at the end of the session. Pseudonymous usage data is deleted after 14 days at the latest.
(vii) The use of the website is not possible without disclosing personal data, such as the IP address.
Communication via the website without providing data is technically not possible.
1.2 Technically necessary cookiesWe use cookies on our website. Cookies are small text files that can be stored on your device when you
visit our website. When you visit our website again using the same device, we can read and process the
information stored in the cookies. To do this, we use the processing and storage functions of your browser
and collect information from your browser's memory.
In this privacy policy, we distinguish between technically necessary cookies, statistics cookies, marketing
cookies and third party content. Cookies that are technically necessary for the functioning of the website
cannot be deactivated via the cookie management function of this website. However, cookies can be
deactivated at any time in the respective browser. Different browsers offer different ways to configure cookie
settings in the browser. However, we would like to point out that some functions of the website may not
work or may no longer work properly if cookies are generally deactivated in the respective browser.
a) Cookiebot CMP by UsercentricsWe use the Usercentrics Consent Manager "Cookiebot CMP" to manage user consent, possible revocation
of consent and objections to the use of cookies.
(i) The purpose of data processing is to manage the user's decisions regarding cookies (consent,
revocation, opt-out) and to ensure the security of the application. A change of purpose is not planned.
(ii) The data processed are:
- HTTP data This is protocol data that is collected for technical reasons when you access the website via Hypertext
Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, the type and version of your
internet browser, the operating system you are using, the page you accessed, the page you visited
previously (referrer URL), the date and time of access, language and geolocation.
- Consent cookies: Decision of the user regarding individual cookies or groups of cookies, time of the decision and last
visit (consent ID, date and time of consent, browser user agent and consent status).
(iii) The legal basis for processing is our legitimate interest in the simple and reliable control of cookies
(Art. 6 (1)(f) GDPR, Section 25 para. 2 no. 2 TDDDG).
(iv) The data is actively provided by the visitor (decision on cookies) or automatically by the visitor's
browser (log data, time stamp).
(v) Recipient of the data as processor within the framework of a data processing agreement is
Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Usercentrics A/S uses Microsoft
Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18
D18 as a sub-processor. This company in turn uses Microsoft Corporation in the USA as a service
provider. In addition, Usercentrics A/S uses Akamai Technologies, Inc., 145 Broadway, Cambridge,
MA 02142, USA as a sub-processor. Microsoft and Akamai have concluded the EU Standard
Contractual Clauses (2021/914; Module 3) to protect the data. You can request a copy of the
essential contractual content of the Standard Contractual Clauses at any time. In addition, Microsoft
and Akamai are certified under the EU-US Data Privacy Framework (Art. 45 GDPR).
(vi) The revocation of previously given consent will be retained for three years (accountability). The
administrative cookie is deleted 6 months after the last visit. Log data is anonymised before storage.
(vii) The use of the website is not possible without the disclosure of personal data. Communication via
the website is technically not possible without providing data.
1.2 Statistics cookiesIn this privacy policy, we distinguish between technically necessary cookies, statistics cookies, marketing
cookies and third party content. Depending on their function and purpose, the use of certain cookies may
require the consent of the user. You can give your consent via a so-called "cookie banner": When you visit
our website, we display our cookie banner. In our cookie banner, you can declare your consent to the use
of all cookies requiring consent on this website by clicking on the button “Allow all”. Without such consent,
the cookies requiring consent will not be activated. You can also reject cookies requiring consent using the
slider or by clicking on “Deny”. By clicking on the button “Allow selection” , your settings will be saved. Your
decision will be stored in a cookie. In the cookie board, you can make an individual selection of cookies and
customise them at a later date. We store your cookie settings in the form of a cookie on your device so that
we can determine whether you have already made cookie settings when you visit the website again
Google Analytics (Consent Mode Advanced)If you have given your consent, we use cookies from the web analytics tool Google Analytics on our website.
With the help of Google Analytics, we can examine your usage behavior on our website in pseudonymized
and anonymized form. We have activated the function to share data with Google for its Google products
and services and, in this context, also share data with Google for its own purposes of product improvement.
For these purposes, Google Ireland Limited acts as an independent controller, and we have no influence
on this. Information about the processing of personal data by Google can be found in Google's privacy
policy:
https://policies.google.com/privacy.You can deactivate the Google Analytics cookies at any time in our “Cookie Board.” Alternatively, you can
install a browser plug-in from Google that prevents the use of Google Analytics cookies:
http://tools.google.com/dlpage/gaoptout?hl=de.
If you have not given consent to the use of Google Analytics cookies on our website, no cookies will be set
by Google. In this case, so-called “cookieless pings” from Google are used. For this purpose, Google Tags
communicate the consent status and user activity by sending cookieless pings or signals to the Google
server (further details on the data processed in this context can be found below in the description of the
data categories).
(i) The purposes of processing are the analysis of user behavior on our website. Another purpose is the
transfer of data to Google for the product improvement of Google. A change of purpose is not
planned.
(ii)
The processed data are: If consent to the use of Google Analytics cookies has been given:
- Google Analytics HTTP data: These are log data that are technically necessary when using the
web analytics tool Google Analytics on the website via the Hypertext Transfer Protocol (Secure)
(HTTP(S)): these include IP address, type and version of your internet browser, operating system
used, the page accessed, the previously visited page (referrer URL), date and time of access,
approximate geographic location.
- Google Analytics device data: Data generated by the web analytics tool Google Analytics and
assigned to your device: this includes a unique ID to (re-)recognize returning visitors (so-called
“Client ID”) as well as certain technical parameters for controlling data collection for web
analytics.
Google Analytics measurement data: Device-related raw data (so-called “dimensions” and
“metrics”) collected and analyzed by the web analytics tool Google Analytics when using our web
offering: these include, in particular, information about the sources through which visitors access
our web offering, information about location, the browser and device used, information about
website usage (in particular page views, frequency of access, and duration of stay on accessed
pages), as well as information on the achievement of specific goals (in particular transactions in
the online shop). These data are each assigned to the Client ID assigned to your device. As a
result, device-related usage profiles are created in which all device-related raw data are
consolidated under one Client ID. The data we collect using Google Analytics do not enable us
to directly identify you personally (i.e., by your civil name). Without your consent, we also do not
combine the device-related raw data and the resulting device-related usage profiles with data
that directly identify you personally.
- Google Analytics report data: Data included in aggregated segment- and device-related reports
created by the web analytics tool Google Analytics based on the analysis of the device-related
raw data.
- Data on consents given: Online identifiers (including cookie identifiers).
If no consent to the use of Google Analytics cookies has been given: - Data collected through cookieless pings (sent by so-called “consent-aware tags”):
o Data on consent status (denial of consent) o Pings indicating conversions of event data on the pages
o Timestamp, user agent (web only), referrer, regarding the consent status: online
identifiers (including cookie identifiers)
o Indication of whether the current page or a previous page in the user’s navigation on the
website contained ad-click information in the URL (e.g., GCLID / DCLID)
o Boolean information about the consent status; random number generated each time the
page is loaded
o Information about the consent platform used by the website owner (e.g., Developer ID)
o IP address (only for ping transmission, not stored)
(iii) The legal basis for processing in the context of the use of Google Analytics cookies and the sharing
of data with Google is your consent (Art. 6 (1) (a) GDPR, Section 25 para. 1 TDDDG). The legal
basis for processing of in the context of the use of cookieless pings is our legitimate interest in
analyzing website usage without the use of cookies (Art. 6 (1) (f) GDPR). The legal basis for sharing
data with Google for its product improvement in the case of cookieless pings is our legitimate interest
in the continuous improvement of the Google products we use (Art. 6 (1) (f) GDPR).
(iv) The data is actively provided by the visitor (decision on cookies) or automatically by the visitor's
browser (log data, time stamp).
(v) Recipient of the data as processor within the framework of a data processing agreement is Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google
Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA
94043, USA) as a service provider. Google has concluded the EU Standard Contractual Clauses
(2021/914; Module 3) with Google LLC and further subprocessors to protect the data. You can
request a copy of the essential contractual content of the Standard Contractual Clauses at any time.
In addition, the Google entities (including Google LLC) are certified under the EU-US Data Privacy
Framework (Art. 45 GDPR). Where data are shared with Google for Google’s own product
improvement, this transfer does not occur within the framework of processing on our behalf, but as
a transfer to Google as an independent controller. In this regard, the EU Standard Contractual Clauses (2021/914; Module 1) have been concluded. Information about the processing of personal
data by Google can be found in Google's privacy policy:
https://policies.google.com/privacy.
(vi) The IP address is not stored. The remaining data are deleted after 14 months. Information on when
Google deletes the data it receives for the purpose of product improvement can be found in Google’s
privacy policy:
https://policies.google.com/privacy.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. Without the provision of data,
we cannot carry out web analytics using Google Analytics.
1.3 Marketing cookiesIn this privacy policy, we distinguish between technically necessary cookies, statistics cookies, marketing
cookies and third party content. Depending on their function and purpose, the use of certain cookies may
require the consent of the user. You can give your consent via a so-called “cookie banner”: When you visit
our website, we display our cookie banner. In our cookie banner, you can declare your consent to the use
of all cookies requiring consent on this website by clicking on the button “Allow all”. Without such consent,
the cookies requiring consent will not be activated. You can also reject cookies requiring consent using the
slider or by clicking on “Deny”. By clicking on the button “Allow selection”, your settings will be saved. Your
decision will be stored in a cookie. In the cookie board, you can make an individual selection of cookies and
customise them at a later date. We store your cookie settings in the form of a cookie on your device so that
we can determine whether you have already made cookie settings when you visit the website again.
a) Google Ads (Conversion)If you have given your consent, we use Google Ads (Conversion) tracking on our website. With the help of
Google Ads, we can measure the success of ads placed via Google. We have activated the function to
share data with Google for its Google products and services and, in this context, also share data with
Google for its own purposes of product improvement. For these purposes, Google Ireland Limited acts as
an independent controller, and we have no influence on this. Information about the processing of personal
data by Google can be found in Google's privacy policy:
https://policies.google.com/privacy.
You can deactivate tracking by Google Ads (Conversion) at any time in our “Cookie Board” or install a
browser plug-in from Google that prevents data collection by Google Ads (Conversion):
http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, users can deactivate Google Ads
(Conversion) for the browser they are currently using by disabling the storage of cookies in the browser
settings.
(i) The purposes of processing are to measure the reach of ads (AdWords) placed via Google. When
users click on our ad placed via Google, Google stores a cookie for conversion tracking on the
respective end device. If users then visit the website linked in the ad and the cookie has not yet
expired, we can recognize that they clicked on the ad and were redirected to our website. We can
only recognize clicks on our own ads, not clicks on ads of other Google customers. Google uses the
cookies, among other things, to bill advertising costs to us. We only receive analyses and further
information in aggregated and anonymized form, and we cannot attribute the information to any
natural person. Another purpose is the transfer of data to Google for the improvement of Google’s
products. A change of purpose is not planned.
(ii) The data processed are:
Google AdWords HTTP data:
These are data that are technically necessary when using the Google AdWords tool on the
website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): this includes IP address, type
and version of the internet browser used by the users, operating system used, the page
accessed, the previously visited page (referrer URL), date and time of access.
- Usage data: Usage data include clicks on ads, time spent on the website, and information about visited
websites.
Conversion event: The conversion event summarizes the results of the conversion.
(iii) The legal basis for processing in the context of the use of Google Ads is your consent (Art. 6 (1)(a)
GDPR; Sec. 25 (1) TDDDG). The legal basis for sharing data with Google for its product improvement
is our legitimate interest in the continuous improvement of the Google products we use (Art. 6 (1)(f)
GDPR).
(iv) The data is automatically provided by the users’ browser.
(v) Recipient of the data as processor within the framework of a data processing agreement is Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google
Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA
94043, USA) as a service provider. Google has concluded the EU Standard Contractual Clauses
(2021/914; Module 3) with Google LLC and further subprocessors to protect the data. You can
request a copy of the essential contractual content of the Standard Contractual Clauses at any time.
In addition, the Google entities (including Google LLC) are certified under the EU-US Data Privacy
Framework (Art. 45 GDPR). Where data are shared with Google for Google’s own product
improvement, this transfer does not occur within the framework of processing on our behalf, but as
a transfer to Google as an independent controller. In this regard, the EU Standard Contractual
Clauses (2021/914; Module 1) have been concluded. Information about the processing of personal
data by Google can be found in Google's privacy policy:
https://policies.google.com/privacy.
(vi) The cookies expire after 90 days, contain no personal data other than the cookie ID, and are not
used to personally identify users.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. Without the provision of data,
we cannot carry out Google Ads tracking.
b) Google Display & Video 360 (DV360)
If you have given your consent, we use Google Display & Video 360 (DV360) tracking on our website.
Display & Video 360 tracking enables us to measure the success of ads placed via Google with a focus on
large enterprises and agencies, and also in video and display formats. We have activated the function to
share data with Google for its Google products and services and, in this context, also share data with
Google for its own purposes of product improvement. For these purposes, Google Ireland Limited acts as
an independent controller, and we have no influence on this. Information about the processing of personal
data by Google can be found in Google’s Privacy Policy:
https://business.safety.google/privacy.
Users can deactivate data processing by Display & Video 360 tracking at any time in our “Cookie Board.”
Alternatively, users can deactivate DV360 tracking for the browser they are currently using by disabling the
storage of cookies in the browser settings.
(i) The purposes of processing are to measure the reach of ads placed via Google (with a focus on
video and display formats). When users click on our ad placed via Google, Google stores a cookie
for conversion tracking on the respective end device. If users then visit our website linked in the ad
and the cookie has not yet expired, we can recognize that they clicked on the ad and were redirected
to our website. We can only recognize clicks on our own ads, not clicks on ads of other Google
customers. Google uses the cookies, among other things, to bill advertising costs to us. Another
purpose is the transfer of data to Google for the improvement of Google’s products. A change of
purpose is not planned.
(ii) The data processed are:
- DV360 HTTP data: These are data that are technically necessary when using DV360 on the
website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): this includes IP address, type
and version of the internet browser used by the users, operating system used, the page
accessed, the previously visited page (referrer URL), date and time of access.
- DV360 usage data: Usage data include clicks on ads, time spent on the website, and
information about visited websites.
- Conversion event: The conversion event summarizes the results of the conversion.
(iii) The legal basis for processing in the context of the use of DV360 is your consent (Art. 6 (1)(a) GDPR;
Sec. 25 (1) TTDSG). The legal basis for sharing data with Google for its product improvement is our
legitimate interest in the continuous improvement of the Google products we use (Art. 6 (1)(f) GDPR).
(iv) The data are automatically provided by the users’ browser.
(v) Recipient of the data as processor within the framework of a data processing agreement is Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google
Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA
94043, USA) as a service provider. Google has concluded the EU Standard Contractual Clauses
(2021/914; Module 3) with Google LLC and further subprocessors to protect the data. You can
request a copy of the essential contractual content of the Standard Contractual Clauses at any time.
In addition, the Google entities (including Google LLC) are certified under the EU-US Data Privacy
Framework (Art. 45 GDPR). Where data are shared with Google for Google’s own product
improvement, this transfer does not occur within the framework of processing on our behalf, but as
a transfer to Google as an independent controller. In this regard, the EU Standard Contractual
Clauses (2021/914; Module 1) have been concluded. Information about the processing of personal
data by Google can be found in Google’s Privacy Policy:
https://business.safety.google/privacy.
(vi) The cookies expire after 14 months.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for you to provide the data. Without the provision of the data, we
cannot carry out Google Ad tracking.
c) TikTok Pixel (Conversion)If you have given your consent, we use the TikTok Pixel on our website. With the help of the TikTok Pixel,
we can measure the success of ads placed via TikTok, optimize delivery, and (where enabled) build
retargeting audiences. Information about TikTok’s processing of personal data can be found in TikTok’s
Privacy Policy for the EEA:
https://www.tiktok.com/legal/page/eea/privacy-policy/en.
You can deactivate tracking by the TikTok Pixel at any time in our “Cookie Board”. Alternatively, users can
deactivate TikTok Pixel for the browser they are currently using by disabling the storage of cookies in the
browser settings. TikTok documents that Pixel-related cookies (_ttp, ttclid, etc.) are used for
advertising/measurement.
(i) The purposes of processing are to measure the reach and performance of ads placed via TikTok,
attribute conversions to TikTok campaigns, optimize ad delivery, and (where configured) create
retargeting/engagement audiences. A change of purpose is not planned.
(ii) The data processed are:
• TikTok Pixel HTTP data: IP address and user agent (device and connectivity information). For
Pixel these are shared by default; for Events API they require explicit configuration.
§ TikTok Pixel cookie and click data: first-party and third-party cookies such as _ttp (1stparty/
your domain and 3rd-party/.tiktok.com), ttclid (click ID stored on your domain), and
ttcsid_… (session identifiers) to recognize browsers and match events for
measurement/optimization.
• Event/usage data: Standard web events like PageView / ViewContent / AddToCart /
InitiateCheckout / Purchase and their parameters (e.g., content_ids, currency, value) used for
reporting, optimization and audience building.
• (Optional) Advanced Matching data: If enabled, hashed customer information (e.g., email,
phone) may be sent to improve matching and attribution. TikTok documents SHA-256 hashing
for Advanced Matching. Only used if configured.
(iii) The legal basis for processing in the context of the use of the TikTok Pixel is your consent (Art. 6
(1)(a) GDPR; Sec. 25 (1) TDDDG).
(iv) The data is automatically provided by the users’ browser. Advanced Matching data is provided only
where users submit such data on our site and Advanced Matching is enabled.
(v) Recipient of the data as processor within the framework of a data processing agreement is TikTok
Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, D02 HD23, Ireland. TikTok
Technology Limited may use other TikTok group companies (including in third countries such as the
USA) as service providers. TikTok has concluded the EU Standard Contractual Clauses (2021/914;
Module 3) with these service providers to protect the data. You can request a copy of the essential
contractual content of the Standard Contractual Clauses at any time. Where data are shared with
TikTok for TikTok’s own product improvement, this transfer does not occur within the framework of
processing on our behalf, but as a transfer to TikTok as an independent controller. In this regard, the
EU Standard Contractual Clauses (2021/914; Module 1) have been concluded. Information about
the processing of personal data by TikTok can be found in TikTok’s privacy policy:
https://www.tiktok.com/legal/page/eea/privacy-policy/en.
(vi) The cookies used with the TikTok Pixel generally expire after 13 months from set or last use.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. Without the provision of data,
we cannot carry out TikTok Pixel tracking.
d) Meta Pixel (Conversion)If you have given your consent, we use the so-called “Meta Pixel” on our website. This involves the use of
cookies by Meta Platforms Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Ireland
(“Meta”). The “Meta Pixel” enables Meta, among other things, to collect information about your activities on
our website. By integrating the “Meta Pixel,” we enable Meta to collect personal data.
However, we do not receive from Meta any information that allows us to personally identify you. The
collection and processing of this data is carried out exclusively by Meta on the basis of your consent and under Meta’s sole responsibility. Meta provides us with the evaluations or further information generated on
the basis of the collected data only in aggregated, anonymized form. We cannot assign the information
provided to us to any natural person.
We have no knowledge of the details of the processing of personal data within Meta’s area of responsibility.
Information about the processing of personal data by Meta can be found in Meta’s Privacy Policy:
https://www.facebook.com/privacy/policy/.
You can deactivate the data processing by Meta Pixel on our website at any time in our “Cookie Board.”
Alternatively, you can deactivate Meta Pixel for the browser you are currently using by disabling the storage
of cookies in your browser settings. You can also prevent the setting of Meta cookies via WebChoices:
Digital Advertising Alliance’s Consumer Choice Tool for Web US (aboutads.info).
The controller responsible for data processing is Meta Platforms Ireland Limited, Harbour, D2, 4 Grand
Canal Quay, Square, Dublin, Ireland.
(i) The purpose of the Meta Pixel is to enable Meta to collect and process your usage data on our
website. The purposes of processing are determined solely by Meta:
https://www.facebook.com/privacy/policy/.
(ii) The processed data according to Meta are:
• Meta Pixel HTTP data: Data that are technically necessary when using the Meta Pixel on the
website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): these include IP address, type
and version of your internet browser, operating system used, the page accessed, the
previously visited page (referrer URL), date and time of access.
• Meta Pixel device data: Data assigned to your device by the Meta Pixel: this includes a unique
ID to (re-)recognize returning visitors.
• Meta Pixel event data: Data collected by Meta through the Meta Pixel and assigned to the
unique visitor ID contained in the Meta Pixel device data: these include actions taking place on
the website (so-called “events”), such as conversions, link clicks, and page views, as well as
information associated with the respective actions (so-called “parameters”), such as providing
contact details or downloading documents.
• Meta Pixel analytics data: Data generated by Meta based on the information collected through
the Meta Pixel, assigned to your unique visitor ID contained in the Meta Pixel device data: this
includes information about the effectiveness of Meta ads and the assignment of users to
audiences for Meta ads. Meta may possibly generate further data for its own purposes or for
the purposes of third parties on the basis of the collected information. We have no knowledge
of the details of the data generated by Meta.
(iii) The legal basis for enabling the collection of personal data via our website by Meta is your consent
(Art. 6 (1)(a) GDPR, Sec. 25 (1) TDDDG). We do not carry out any processing of personal data within
our own area of responsibility. We have no knowledge of the details of the processing of the data
within Meta’s responsibility, in particular of the legal basis used by Meta. The Meta Pixel analytics
data are generated independently by Meta. We are not aware whether Meta uses further data
sources.
(iv) Recipient of the data collected via our website is Meta Platforms Ireland Limited as the controller for
the collection and processing of personal data. Meta Platforms Ireland Limited in turn uses Meta
Platforms Inc. in the USA (1 Hacker Way, Menlo Park, CA 94025, USA) as a service provider. As an
independent controller, Meta Platforms Ireland Limited bears the responsibility for ensuring
appropriate data protection safeguards for the data transfer.
(v) The cookies expire after 90 days according to Meta.
(vi) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for you to provide the data. In the event of non-provision of the data,
Meta cannot offer the functionality of the Meta Pixel.
e) Meta Conversion APIIf you have given your consent, we use the “Meta Conversion API” on our website. This involves the direct
server-to-server transfer of event data from our systems to Meta Platforms Ireland Limited, Harbour, D2, 4
Grand Canal Quay, Square, Dublin, Ireland (“Meta”). With the help of the Meta Conversion API, we can
measure the success of ads placed via Meta, attribute conversions to campaigns, and optimize ad delivery.
The evaluations or further information generated on the basis of the collected data are provided to us by
Meta only in aggregated, anonymized form. We cannot assign the information provided to us to any natural
person. We have no knowledge of the details of the processing of personal data within Meta’s area of
responsibility. Information about the processing of personal data by Meta can be found in Meta’s Privacy
Policy:
https://www.facebook.com/privacy/policy/. You can deactivate the data processing by the Meta
Conversion API on our website at any time in our “Cookie Board.”
(i) The purposes of processing are to enable Meta to collect and process your usage data for measuring
conversions, campaign attribution, optimization of ad delivery, and (where configured) creation of
custom audiences. The purposes of processing are determined solely by Meta:
https://www.facebook.com/privacy/policy/.
(ii) The processed data according to Meta are:
• Meta Conversion API HTTP data: Data that are technically necessary for server-to-server
communication (e.g., IP address, user agent, timestamp).
• Event and usage data: Actions on our website (e.g., purchases, form submissions, page views)
and associated parameters (e.g., transaction IDs, product IDs, value, currency).
• Optional matching data (Advanced Matching): If configured, hashed customer information (e.g.,
email address, phone number) may be transmitted to Meta to improve attribution and matching.
(iii) The legal basis for enabling the collection of personal data via the Meta Conversion API is your
consent (Art. 6 (1)(a) GDPR, Sec. 25 (1) TDDDG). We do not carry out any processing of personal
data within our own area of responsibility. The processing within Meta’s responsibility, including the
legal bases applied by Meta, is not known to us.
(iv) The data is provided either automatically by the users’ browser (when linked to cookie/session data)
or directly by our systems (server-to-server events). Advanced Matching data is provided only where
users submit such data on our site and Advanced Matching is enabled.
(v) Recipient of the data collected via the Meta Conversion API is Meta Platforms Ireland Limited as the
controller for the collection and processing of personal data. Meta Platforms Ireland Limited in turn
uses Meta Platforms Inc. in the USA (1 Hacker Way, Menlo Park, CA 94025, USA) as a service
provider. As an independent controller, Meta Platforms Ireland Limited bears the responsibility for
ensuring appropriate data protection safeguards for the data transfer.
(vi) Unlike cookies, the Meta Conversion API transmits data server-to-server and does not depend on
browser-stored identifiers. However, event IDs and matching identifiers may be retained by Meta for
up to 2 years for attribution purposes.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. In the event of non-provision
of the data, Meta cannot offer the functionality of the Meta Conversion API.
f) Campaign Manager 360 (CM360)If you have given your consent, we use Google Campaign Manager 360 (CM360) on our website. With the
help of CM360, we can deliver, measure, and optimize display campaigns across different platforms and
devices. We have activated the function to share data with Google for its Google products and services
and, in this context, also share data with Google for its own purposes of product improvement. For these
purposes, Google Ireland Limited acts as an independent controller, and we have no influence on this.
Information about the processing of personal data by Google can be found in Google’s privacy policy:
https://policies.google.com/privacy.
You can deactivate CM360 tracking at any time in our “Cookie Board” or install a browser plug-in from
Google that prevents data collection:
http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, users
can deactivate CM360 tracking for the browser they are currently using by disabling the storage of cookies
in the browser settings.
(i) The purposes of processing are the measurement, reporting, and optimization of digital advertising
campaigns, as well as the billing of advertising costs by Google. Another purpose is the transfer of
data to Google for the improvement of Google’s products. A change of purpose is not planned.
(ii) The data processed are:
• CM360 HTTP data: These are data that are technically necessary when using CM360 on the
website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): this includes IP address, type
and version of the internet browser used by the users, operating system used, the page
accessed, the previously visited page (referrer URL), date and time of access.
• CM360 usage and event data: These include information about ad delivery and interactions with
ads (e.g., impressions, clicks), subsequent website activities (e.g., page views, conversions),
and campaign reporting data.
• CM360 cookie data: CM360 sets cookies (e.g., “IDE” cookie) on the user’s device to recognize
browsers and assign them to advertising segments. These cookies contain a unique identifier
but no data that can directly identify you personally.
(iii) The legal basis for processing in the context of the use of CM360 is your consent (Art. 6 (1)(a) GDPR;
Sec. 25 (1) TDDDG). The legal basis for sharing data with Google for its product improvement is our
legitimate interest in the continuous improvement of the Google products we use (Art. 6 (1)(f) GDPR).
(iv) The data is automatically provided by the users’ browser.
(v) Recipient of the data as processor within the framework of a data processing agreement is Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google
Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA
94043, USA) as a service provider. Google has concluded the EU Standard Contractual Clauses
(2021/914; Module 3) with Google LLC and further subprocessors to protect the data. You can
request a copy of the essential contractual content of the Standard Contractual Clauses at any time.
In addition, the Google entities (including Google LLC) are certified under the EU-US Data Privacy
Framework (Art. 45 GDPR). Where data are shared with Google for Google’s own product
improvement, this transfer does not occur within the framework of processing on our behalf, but as
a transfer to Google as an independent controller. In this regard, the EU Standard Contractual
Clauses (2021/914; Module 1) have been concluded. Information about the processing of personal
data by Google can be found in Google’s privacy policy:
https://policies.google.com/privacy.
(vi) The CM360 cookies usually expire after 390 days. They contain no personal data other than the
cookie ID and are not used to personally identify users.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. Without the provision of data,
we cannot carry out CM360 tracking.
g) Adform (Conversion)If you have given your consent, we use Adform (Conversion) tracking on our website. With the help of
Adform, we can measure the success of ads placed via the Adform platform. If you click on an ad placed
via the Adform platform, Adform stores a cookie for conversion tracking on your device. If you then visit
the website linked in the ad and the cookie has not yet expired, Adform and we, as the company that
placed the ad, can recognize that you clicked on the ad and were redirected to the website. Adform uses
the cookies, among other things, to bill advertising costs to us. We do not receive any information from
Adform that allows us to personally identify any of our customers.
In addition, Adform also sets Google Analytics cookies if you have given the corresponding consent for
Adform cookies. With regard to data protection information, the explanations in the section on Google
Analytics apply.
The collection and processing of Adform data (specifically the Adform ID as a unique identifier) is carried
out exclusively under the responsibility of Adform. Based on the data collected, Adform only provides us
with evaluations or other information in aggregated, anonymized form. We cannot attribute the
information provided to us to any natural person. We have no knowledge of the details of the processing
of personal data within Adform’s area of responsibility. Information about the processing of personal data
by Adform can be found in the Adform Privacy Policy:
https://site.adform.com/privacy-center/platformprivacy/
product-and-services-privacy-policy/.
You can deactivate data processing by Adform Conversion Tracking for the browser you are currently
using at any time in our “Cookie Board.” Alternatively, you can deactivate Adform Conversion Tracking for
the browser you are currently using by disabling the storage of cookies in the browser settings.
The controller responsible for the processing of Adform data is Adform A/S, Silkegade 3B, ST. & 1., 1113
Copenhagen, Denmark.
(i) The purposes of processing are to enable Adform to collect and process your usage data (Adform
data) on our website. The purposes of processing by Adform are determined solely by Adform:
https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/. For us,
the purpose of data processing is to measure the reach of ads placed via the Adform platform.
(ii) The data processed are:
• Adform HTTP data: These are data that are technically necessary when using the Adform
tracking tool on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): this includes
IP address, type and version of the internet browser used by the users, operating system used,
the page accessed, the previously visited page (referrer URL), date and time of access.
• Usage data: Usage data include clicks on ads, time spent on the website, and information about
visited websites.
• Adform data (processing under Adform’s sole responsibility): Adform ID (the unique identifier
created, assigned, and stored by Adform for each user interacting with a website).
Conversion event: The conversion event summarizes the results of the conversion.
(iii) The legal basis for enabling the collection of personal data via our website by Adform is your consent
(Art. 6 (1)(a) GDPR; Sec. 25 (1) TDDDG). The legal basis for the processing of personal data via our
website by Adform Conversion is likewise your consent (Art. 6 (1)(a) GDPR; Sec. 25 (1) TDDDG).
(iv) The data for conversion tracking are generated independently by Adform. Whether Adform uses
additional data sources is unknown to us.
(v) Recipient of the Adform data is Adform A/S, Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark,
as the controller for the collection and processing of personal data. Recipient of other data within the
framework of commissioned processing is likewise Adform A/S.
(vi) The data are deleted after 13 months.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for you to provide the data. Without the provision of the data, we
cannot carry out Adform Conversion Tracking.
h) Amazon Ads (Conversion/ Remarketing)If you have given your consent, we use so-called “Amazon Ads” services (e.g., Conversion Tracking,
Remarketing) on our website. This involves the use of cookies by Amazon Europe Core S.à r.l., 38 avenue
John F. Kennedy, L-1855 Luxembourg (“Amazon”). Amazon Ads enables Amazon, among other things, to
collect information about your activities on our website. By integrating Amazon Ads, we enable Amazon to
collect personal data.
However, we do not receive from Amazon any information that allows us to personally identify you. The
collection and processing of this data is carried out exclusively by Amazon on the basis of your consent
and under Amazon’s sole responsibility. Amazon provides us with the evaluations or further information
generated on the basis of the collected data only in aggregated, anonymized form. We cannot assign the
information provided to us to any natural person. We have no knowledge of the details of the processing of
personal data within Amazon’s area of responsibility. Information about the processing of personal data by
Amazon can be found in Amazon’s Privacy Policy:
https://www.amazon.de/gp/help/customer/display.html/?ie=UTF8&nodeId=201151440&ref_=a20m_us_fn
av_l_intrst_de.
You can deactivate data processing by Amazon Ads on our website at any time in our “Cookie Board.”
Alternatively, you can deactivate Amazon Ads for the browser you are currently using by disabling the
storage of cookies in your browser settings. You can also prevent the setting of Amazon cookies via
WebChoices: Digital Advertising Alliance’s Consumer Choice Tool for Web US (aboutads.info).
(i) The purpose of Amazon Ads is to enable Amazon to collect and process your usage data on our
website. The purposes of processing are determined solely by Amazon:
https://www.amazon.de/gp/help/customer/display.html/?ie=UTF8&nodeId=201151440&ref_=a20m_us_fnav_l_intrst_de.
(ii) The processed data according to Amazon are:
• Amazon Ads HTTP data: Data that are technically necessary when using Amazon Ads on the
website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): these include IP address, type
and version of your internet browser, operating system used, the page accessed, the
previously visited page (referrer URL), date and time of access.
• Amazon Ads device data: Data assigned to your device by the Amazon Ads cookie: this
includes a unique ID to (re-)recognize returning visitors.
• Amazon Ads event data: Data collected by Amazon through the Ads integration and assigned
to the unique visitor ID contained in the Amazon Ads device data: these include actions taking place on the website (so-called “events”), such as conversions, link clicks, and page views, as
well as information associated with the respective actions (so-called “parameters”), such as
providing contact details or completing purchases.
Amazon Ads analytics data: Data generated by Amazon based on the information collected
through Amazon Ads, assigned to your unique visitor ID contained in the Amazon Ads device
data: this includes information about the effectiveness of Amazon ads and the assignment of
users to audiences for Amazon ads. Amazon may possibly generate further data for its own
purposes or for the purposes of third parties on the basis of the collected information. We have
no knowledge of the details of the data generated by Amazon.
(iii) The legal basis for enabling the collection of personal data via our website by Amazon is your consent
(Art. 6 (1)(a) GDPR, Sec. 25 (1) TDDDG). We do not carry out any processing of personal data within
our own area of responsibility. We have no knowledge of the details of the processing of the data
within Amazon’s responsibility, in particular of the legal basis used by Amazon. The Amazon Ads
analytics data are generated independently by Amazon. We are not aware whether Amazon uses
further data sources.
(iv) Recipient of the data collected via our website is Amazon Europe Core S.à r.l., 38 avenue John F.
Kennedy, L-1855 Luxembourg, as the controller for the collection and processing of personal data.
Amazon Europe Core S.à r.l. may use other Amazon group companies (including in third countries
such as the USA) as service providers. As an independent controller, Amazon bears the
responsibility for ensuring appropriate data protection safeguards for the data transfer.
(v) The cookies expire after 13 months according to Amazon.
(vi) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for you to provide the data. In the event of non-provision of the data,
Amazon cannot offer the functionality of Amazon Ads.
i) Taboola PixelIf you have given your consent, we use the so-called “Taboola Pixel” on our website. This involves the use
of cookies by Taboola.com Ltd., with EU Representative Lionheart Squared Ltd., 2 Pembroke House, Upper
Pembroke Street 28–32, Dublin, D02 EK84, Ireland (“Taboola”). The Taboola Pixel enables Taboola,
among other things, to collect information about your activities on our website. By integrating the Taboola
Pixel, we enable Taboola to collect personal data. In addition, it is our data protection responsibility that we
evaluate the reach of ads placed via Taboola.
We have no knowledge of the details of the processing of personal data within Taboola’s area of
responsibility. Information about the processing of personal data by Taboola can be found in Taboola’s
Privacy Policy:
https://www.taboola.com/policies/privacy-policy.
You can deactivate the data processing by Taboola Pixel on our website at any time in our “Cookie Board.”
Alternatively, you can deactivate Taboola Pixel for the browser you are currently using by disabling the
storage of cookies in your browser settings.
(i) The purpose of the Taboola Pixel is to enable Taboola to collect and process your usage data on our
website. The purposes of processing are determined solely by Taboola. Another purpose of data
processing is that Togg can measure the reach of ads placed via Taboola.
(ii) The data processed are:
• Taboola HTTP data: These are data that are technically necessary when using the Taboola Pixel
on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): this includes IP address,
type and version of the internet browser used by the users, operating system used, the page
accessed, the previously visited page (referrer URL), date and time of access.
• Usage data: Usage data include clicks on ads, time spent on the website, and information about
visited websites.
• Conversion event: The conversion event summarizes the results of the conversion.
(iii) Recipient of the data collected via our website is Taboola.com Ltd., with EU Representative Lionheart
Squared Ltd., 2 Pembroke House, Upper Pembroke Street 28–32, Dublin, D02 EK84, Ireland, as the
controller for the collection and processing of personal data.
(iv) We have no knowledge of the storage duration of the data at Taboola. The cookies expire after 14
months.
(v) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for you to provide the data. Without the provision of the data, Taboola
cannot offer the functionality of the Taboola Pixel, and we cannot carry out conversion tracking via
Taboola.
j) Criteo (Retargeting/ Conversion)If you have given your consent, we use services of Criteo on our website. With the help of Criteo, we can
display personalized advertising to you across partner websites and apps and measure the performance
of our campaigns. Criteo acts as an independent controller for the processing of personal data. We have
no influence on this. Information about the processing of personal data by Criteo can be found in Criteo’s
privacy policy:
https://www.criteo.com/privacy/. You can deactivate Criteo tracking at any time in our
“Cookie Board” or via the opt-out options provided by Criteo:
https://www.criteo.com/privacy/disable-criteoservices-on-internet-browsers/. Alternatively, users can deactivate Criteo tracking for the browser they are
currently using by disabling the storage of cookies in the browser settings.
(i) The purposes of processing are to display personalized advertising across Criteo’s network, to
measure the effectiveness of advertising campaigns, and to enable retargeting. A change of purpose
is not planned.
(ii) The data processed are:
• Criteo HTTP data: IP address, type and version of the internet browser used by the users,
operating system used, the page accessed, the previously visited page (referrer URL), date
and time of access.
• Criteo cookie and device data: Criteo sets cookies and uses similar technologies (e.g., “uid”
cookie) to assign browsers or devices to advertising segments. These identifiers are
pseudonymous and do not directly identify you.
• Usage and event data: interactions with displayed ads (e.g., impressions, clicks), browsing
behavior (e.g., visited pages, products viewed), conversions such as purchases or form
submissions.
• Cross-device linking data: If possible, Criteo may link different browsers and devices belonging
to the same user in order to provide cross-device advertising.
(iii) The legal basis for processing in the context of the use of Criteo is your consent (Art. 6 (1)(a) GDPR;
Sec. 25 (1) TDDDG).
(iv) The data is automatically provided by the users’ browser or end device.
(v) Recipient of the data is Criteo SA, 32 Rue Blanche, 75009 Paris, France, as independent controller.
Criteo may transfer personal data to group companies and service providers, including in third
countries such as the USA. According to Criteo, such transfers are safeguarded by EU Standard
Contractual Clauses (2021/914).
(vi) The Criteo cookies generally expire after 13 months from set or last update. They contain no directly
identifying personal data other than the pseudonymous cookie ID and are not used to personally
identify users.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. Without the provision of data,
we cannot carry out Criteo tracking.
k) X Pixel (Conversion)If you have given your consent, we use the so-called “X Pixel” on our website. This involves the use of
cookies by X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07,
Ireland (“X”). The “X Pixel” enables X, among other things, to collect information about your activities on
our website. By integrating the X Pixel, we enable X to collect personal data. In addition, it is our data
protection responsibility that we evaluate the reach of ads placed via X.
We have no knowledge of the details of the processing of personal data within X’s area of responsibility.
Information about the processing of personal data by X can be found in X’s Privacy Policy:
https://x.com/en/privacy.
You can deactivate the data processing by the X Pixel on our website at any time in our “Cookie Board.”
Alternatively, you can deactivate the X Pixel for the browser you are currently using by disabling the storage
of cookies in your browser settings.
(i) The purpose of the X Pixel is to enable X to collect and process your usage data (specifically:
Conversion Data) on our website. The purposes of processing are determined solely by X:
https://x.com/en/privacy. Another purpose of processing Match Data is that Togg can measure the
reach of ads placed via X.
(ii) The data processed are:
• Match Data: Data that can be personally assigned to an X user, e.g., email addresses, cookie
IDs, device IDs, or telephone numbers.
• Conversion Data: Data arising from conversions or actions of persons on the website, in mobile
applications, or offline, such as app installations, website visits, and product purchases.
(iii) Recipient of the data collected via our website (Conversion Data) is X Internet Unlimited Company,
One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”), as the controller for the
collection and processing of personal data. X Internet Unlimited Company in turn uses X Corp., 865
FM 1209, Building 2, Bastrop, TX 78602, USA, as a service provider. As an independent controller,
X bears the responsibility for ensuring appropriate data protection safeguards for the data transfer.
Recipient of the data (Match Data) within the framework of a data processing agreement is also X
Internet Unlimited Company, which in turn uses X Corp. in the USA as a service provider. X has
concluded the EU Standard Contractual Clauses (2021/914; Module 3) with X Corp. and further
subprocessors to protect the data. You can request a copy of the essential contractual content of the
Standard Contractual Clauses at any time. In addition, the X entities are certified under the EU-US
Data Privacy Framework (Art. 45 GDPR).
(iv) The collection and processing of Conversion Data takes place within the responsibility of X. We have
no knowledge of the storage duration. Match Data are deleted after 14 months at the latest.
(v) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for you to provide the data. Without the provision of the data, X cannot
offer the functionality of the X Pixel, and we cannot carry out conversion tracking via X.
l) TeadsIf you have given your consent, we use the Teads True Visits (Universal Pixel) on our website. With the
help of this technology, we can determine whether a user visiting our site has previously interacted with
Teads via our publisher network, and thereby optimize campaign delivery and billing by excluding known
users and charging only for incremental unique visits. We do not receive any information that allows us to
personally identify you; Teads provides us with aggregated performance data only. For these purposes,
Teads (e.g., Teads France SAS, Teads Deutschland GmbH, or other applicable Teads affiliate) acts as an
independent controller, and we have no influence on their processing. Information about the processing of
personal data by Teads can be found in Teads’s Privacy Policy:
https://privacy-policy.teads.com/.
You can deactivate Teads tracking at any time in our “Cookie Board” or by disabling cookie storage in your
browser settings.
(i) The purposes of processing are to recognize returning Teads-tracked users to exclude them from
campaigns (incremental billing), and to provide aggregated campaign performance reporting. No
further personal data processing takes place. A change of purpose is not planned.
(ii) The data processed are:
• Teads Pixel HTTP data: Current URL, optional “auctid” parameter (if provided), device type,
browser type/version, operating system. No personal data is collected or transferred to the
advertiser.
(iii) The legal basis for enabling the collection of personal data via our website by Teads is your consent
(Art. 6 (1)(a) GDPR; Sec. 25 (1) TDDDG). We do not carry out any processing of personal data within
our own area of responsibility beyond enabling Teads to collect data; Teads processes the data as
an independent controller under its policies.
(iv) The data is automatically provided by the user’s browser via the pixel ping.
(v) Recipient of the data as controller is Teads Deutschland GmbH. There is no personal data transfer
to us. The aggregated data we receive poses no risk of identification.
(vi) The retention durations are per Teads’s cookie policy.
(vii) The provision of data is not required by law or contract, nor is it necessary for the conclusion of a
contract. There is no obligation for the data subject to provide the data. Without the provision of data,
we cannot carry out Teads Pixel tracking.
1.4 Third party content
We integrate third party content and content from social media platforms on our website. Data collection by
the respective third party providers only takes place if you activate the respective content by clicking on it
separately.
a) Google Maps (privacy-enhanced mode)If you click on Google Maps map material to access the map, you agree that we may enable Google to
collect data for its own purposes. This is done by integrating map content stored by Google into our website.
When this is integrated, content from Google Maps is displayed in parts of a browser window. However,
the map content is only actually retrieved from the Google server when you click on it separately. The map
content is integrated in what is known as "privacy-enhanced mode". This is provided by Google and ensures
that no data is transferred to Google and no cookies are stored on your device before you click on the map.
As soon as you click on the button to retrieve the map content, the map content is loaded from Google
Maps. Technically, the same thing happens as if you were to switch to the Google Maps website via a link:
Google receives all the information that your browser automatically transmits (including your IP address).
Google also sets its own cookies on your device. This also happens if you do not have a Google user
account. If you are logged in to Google, your data will be directly associated with your account. If you do
not want your data to be associated with your Google user account, you must log out of Google before
clicking on the relevant map content.
The collection and processing of this data is the sole controllership of Google Ireland Limited (Google
Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google
LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. We
have no knowledge of further details regarding the processing of personal data within Google's
controllership or any possible data processing in the USA. We have no influence on Google's data
processing.
Information about the processing of personal data by Google can be found in Google's privacy policy:
https://policies.google.com/privacy.
b) YouTube embedding (privacy-enhanced mode)By clicking on YouTube videos to play them, you agree that we allow Google, as the operator of YouTube,
to collect data for its own purposes. This is done by embedding videos stored on YouTube on our website.
When embedded, still images from YouTube videos are displayed in parts of a browser window. However,
the YouTube videos are only actually retrieved from the YouTube server when you click on the video.
YouTube content is integrated in what is known as "privacy-enhanced mode". This is provided by Google
as the operator of YouTube and ensures that no data is transferred to Google and no cookies are stored
on your device before you click on the YouTube videos.
As soon as you click on the YouTube videos, the video is loaded from YouTube. Technically, the same
thing happens as if you were switching to the YouTube website via a link: YouTube receives all the
information that your browser automatically transmits (including your IP address). YouTube also sets its
own cookies on your device. This also happens if you do not have a YouTube user account. If you are
logged in to YouTube or Google, your data will be directly associated with your account. If you do not want
your data to be associated with your YouTube or Google user account, you must log out of YouTube or
Google before clicking on the video.
The collection and processing of this data is the sole controllership of Google Ireland Limited (Google
Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google
LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. We
have no knowledge of further details regarding the processing of personal data within Google's
controllership or any possible data processing in the USA. We have no influence on Google's data
processing.
Information about the processing of personal data by Google can be found in Google's privacy policy:
https://policies.google.com/privacy.
c) YouTube plugin (activation by clicking on the website)We integrate the YouTube plugin on our website. However, you will only be redirected to YouTube if you
click on the YouTube plugin separately. Before you click, no data is transferred to YouTube or Google, the
operator of YouTube, and no cookies are stored on your device.
As soon as you click on the YouTube plugin, technically the same thing happens as if you were switching
to the YouTube website via a link: YouTube or Google receives all the information that your browser
automatically transmits (including your IP address). Google also sets its own cookies on your device. This
also happens if you do not have a YouTube user account. If you are logged in to YouTube or Google, your
data will be directly associated with your account. If you do not want your data to be associated with your
YouTube or Google user account, you must log out of YouTube or Google before clicking on the YouTube
plugin.
The collection and processing of this data is the sole controllership of Google Ireland Limited (Google
Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google
LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. We
have no knowledge of further details regarding the processing of personal data within Google's
controllership or any possible data processing in the USA. We have no influence on Google's data
processing.
Information about the processing of personal data by Google can be found in Google's privacy policy:
https://policies.google.com/privacy.
d) X (formerly Twitter) plugin (activation by clicking on the website)We integrate the X plugin on our website. However, you will only be redirected to X if you click on the X
plugin separately. Before your click, no data is transferred to X and no cookies are stored on your device.
As soon as you click on the X plugin, technically the same thing happens as if you were switching to the X
website via a link: X receives all the information that your browser automatically transmits (including your
IP address). X also sets its own cookies on your device. This also happens if you do not have an X user
account. If you are logged in to X, your data will be directly associated with your account. If you do not want
your data to be associated with your X user account, you must log out of X before clicking on the X plugin.
The collection and processing of this data is the sole controllership of X Internet Unlimited Company (One
Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland). X Ireland uses X Corporation in the USA
(865 FM 1209, Building 2, Bastrop, TX 78602, USA) as a service provider. We have no knowledge of further
details regarding the processing of personal data within X’s controllership or any possible data processing
in the USA. We have no influence on X’s data processing.
Information about the processing of personal data by X can be found in the X privacy policy:
https://x.com/de/privacy.
e) Instagram plug-in (activation by clicking on the website)We integrate the Instagram plugin on our website. However, you will only be redirected to Instagram if you
click on the Instagram plugin. Before you click, no data is transferred to Instagram or MetaPlatforms Ireland
Ltd., the operator of Instagram, and no cookies are stored on your device.
As soon as you click on the Instagram plugin, technically the same thing happens as if you were clicking
on a link to the Instagram website: Instagram or Meta-Platforms receives all the information that your
browser automatically transmits (including your IP address). Meta Platforms also sets its own cookies on
your device. This also happens if you do not have an Instagram user account. If you are logged in to
Instagram, your data will be directly associated with your account. If you do not want your data to be
associated with your Instagram user account, you must log out of Instagram before clicking on the
Instagram plugin.
The collection and processing of this data is the sole controllership of Meta Platforms Ireland Ltd. (4 Grand
Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Meta Platforms Ireland Ltd. uses Meta Platforms
Inc. in the USA (1 Hacker Way, Menlo Park, CA 94025, USA) as a service provider. We have no knowledge
of further details regarding the processing of personal data within Meta’s controllership or any possible data
processing in the USA. We have no influence on Meta’s data processing.
Information about the processing of personal data by Instagram can be found in the Instagram Privacy
Policy
https://help.instagram.com/519522125107875 and in the Instagram Cookie Policy:
https://help.instagram.com/1896641480634370?ref=ig.
f) LinkedIn plugin (activation by clicking on the website)We integrate the LinkedIn plugin on our website. However, you will only be redirected to LinkedIn if you
click on the LinkedIn plugin. Before you click, no data is transferred to LinkedIn and no cookies are stored
on your device.
As soon as you click on the LinkedIn plugin, technically the same thing happens as if you were clicking on
a Link to the LinkedIn website: LinkedIn receives all the information that your browser automatically
transmits (including your IP address). LinkedIn also sets its own cookies on your device. This also happens
if you do not have a LinkedIn user account. If you are logged in to LinkedIn, your data will be directly
associated with your account. If you do not want your data to be associated with your LinkedIn user account,
you must log out of LinkedIn before clicking on the LinkedIn plugin.
The collection and processing of this data is the sole Controllership of LinkedIn Ireland Unlimited Company
(Wilton Place, Dublin 2, Ireland). LinkedIn Ireland uses LinkedIn Corporation in the USA (1000 W Maude
Ave, Sunnyvale, CA 94085, USA) as a service provider. We have no knowledge of further details regarding
the processing of personal data within LinkedIn’s controllership or any possible data processing in the USA.
We have no influence on LinkedIn’s data processing.
Information about the processing of personal data by LinkedIn can be found in the LinkedIn privacy policy:
https://de.linkedin.com/legal/privacy-policyg) App Store plugins (activation by clicking on the website)We integrate plugins for various app stores (e.g. Apple App Store, Google Play Store and Huawei
AppGallery) on our website. However, you will only be redirected to the respective app store if you click on
the corresponding app store plugin. Before you click, no data is transferred to the respective app store
operator and no cookies are stored on your device.
As soon as you click on an app store plugin, technically the same thing happens as if you were clicking on
a link to the respective app store website: The app store operator receives all the information that your
browser automatically transmits (including your IP address). In addition, the respective app store operators set their own cookies on your device. This also happens if you do not have a user account with the
respective app store. If you are logged in to the respective app store, your data will be associated directly
with your account. If you do not want your data to be associated with your user account, you must log out
of the respective app store before clicking on the app store plugin.
The collection and processing of this data is the sole controllership of the respective app store operator:
•
Apple App Store: Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork,
Ireland; Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.
•
Google Play Store: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
•
Huawei AppGallery: Huawei Technologies Deutschland GmbH, Hansaallee 205, 40549
Düsseldorf, Germany; Huawei Technologies Co., Ltd., Bantian, Longgang District, Shenzhen,
China.
We have no knowledge of further details regarding the processing of personal data within the controllership
of the respective operators or of possible data processing in third countries (e.g. the USA or China).
We
have no influence on the data processing of the respective app store operators.
Information about the processing of personal data by the respective app stores can be found here:
• Apple:
https://www.apple.com/legal/privacy/• Google Play Store:
https://policies.google.com/privacy• Huawei AppGallery:
https://consumer.huawei.com/de/legal/privacy-policy/2. ContactWe process your personal data when you contact us via the contact details provided on the website, the
service hotline or the contact form.
(i) The purpose of processing is to prepare and execute a contractual relationship or other
communication. A change of purpose is not planned.
(ii) The data processed includes your name, contact details, communication content, and the time and
technical metadata of the communication.
(iii) The legal basis for the processing of your data is, in the case of contracts with natural persons, the
initiation of a contract or the contract itself (Art. 6 (1)(b) GDPR), and in the case of contracts with
legal entities, our legitimate interest in communicating with the contact persons relevant to the
contract (Art. 6 (1)(f) GDPR), as well as legal obligations, in particular tax and commercial law
provisions (Art. 6 (1)(c) GDPR). In the case of pure communication, the legal basis is our legitimate
interest in documenting communication processes (Art. 6 (1)(f) GDPR).
(iv) The contact details are actively provided by the data subjects themselves. The communication
metadata and communication data are collected automatically.
(v) Contact and contract data may be transferred to other service providers, business partners, and
public authorities if this is necessary for the performance of the contract or order. Recipients of the
personal data are also IT service providers which we use as processors within the framework of a
data processing agreement.
(vi) Enquiries and pure communication will be automatically deleted after two calendar years.
(vii) Communication is not possible without the provision of data.
3. Marketing communicationIf you have obtained consent to receiving marketing communications, you will receive information about
our products and projects from us. We also use pseudonymised analyses to track the reach and success
of our marketing communications.
(i) If you have obtained consent to receiving marketing communications, we will process your data for
the purpose of sending marketing communications and measuring the reach of marketing
communications. A change of purpose is not planned.
(ii) The data processed is:
• Name, e-mail-address
• Login-data: This is data that is collected for technical reasons when marketing communications are opened
via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes your IP address, the
type and version of your internet browser, the operating system used, the page accessed, the
previously visited page (referrer URL), and the date and time of access.
• Opening rates of marketing communications
• Clicks within marketing communications
(iii) The legal basis for the processing of your data is your consent (Art. 6(1)(a) GDPR).
(iv) You provide your contact details yourself when you consent to marketing communications; the other
data for analysis is provided automatically by your browser.
(v) Recipients of the personal data are IT service providers which we use as processors within the
framework of a data processing agreement.
(vi) Data on the recipients of marketing communications will be deleted when you unsubscribe from
marketing communications. The log data will be deleted or anonymised after 24 hours.
(vii) The provision of data is necessary for receiving marketing communications. Without the provision of
data, we cannot send marketing communications. Consent can be revoked at any time. To do so,
please use the unsubscribe function within the marketing communication.
4. Job Application(i) The purpose of data processing is to select suitable applicants for a job. A change of purpose is not
planned.
(ii) The data processed is the application documents and any additional data provided voluntarily.
(iii) The legal basis is Section 26 BDSG in conjunction with Art. 6(1)(b) (initiation of the employment
contract) and Art. 88 GDPR. We process voluntary information provided in your application on the
basis of Section 26 (2) BDSG in conjunction with Art. 6 (1) (a) (consent) and Art. 88 GDPR.
(iv) The data is actively provided by the applicants.
(v) Applicant data is forwarded internally to the responsible employees. Recipients of the personal data
are also IT service providers which we use as processors within the framework of a data processing
agreement.
(vi) Applicant data will be deleted six months after the end of the specific application process. If interest
is also expressed in other positions, the data will be stored for up to 12 months after the last job offer
or the last specific expression of interest.
(vii) Applications cannot be considered without the disclosure of personal data. The provision of personal
data is necessary for the review of the application and, if applicable, the subsequent conclusion of
an employment contract.
5. Participation in projects and events(i) We process your data for the purpose of carrying out projects and events, as well as for documenting
the projects and events through image and sound recordings and using the resulting recordings for
press and public relations work. Another purpose is to pass on your data to the cooperation partners
named in the individual project and the event for the purposes specified in each case. A change of
purpose is not planned.
(ii) The data processed is participant data, which may vary from project to project/event to event. As a
rule, however, this includes your name and contact details, as well as, in some cases, photographs
of you or individual project results. You will always be provided with further details within the
framework of the specific project or event.
(iii) The legal basis for the processing of your data is the contract for the implementation of the event and
legal obligations, in particular tax and commercial law provisions (Art. 6 (1)(b) GDPR, Art. 6 (1)(c)
GDPR). The legal basis for the production of image and sound recordings is your consent (Art. 6
(1)(a) GDPR) or our legitimate interest in documenting the events or projects we carry out and our
legitimate interest in press and public relations work (Art. 6 (1)(f) GDPR). Consent is voluntary and
can be revoked at any time with future effect. The legal basis for the transfer of your data to the
cooperation partners named in the individual project and event is our legitimate interest in carrying
out the project or event (Art. 6 (1)(f) GDPR).
(iv) The data is actively provided by you.
(v) The recipients of the data are the other participants in the project or event. The recipients of the
image and sound recordings produced may be anyone for the purpose of press and public relations
work, in particular journalists, media companies, press and photo agencies, members, employees,
users of the website and social media, as well as service providers which we use as processors
within the framework of a data processing agreement, in particular commissioned web hosting
companies, IT and media service providers. The recipients of the data are also the cooperation
partners named in the context of the individual project and event. Unless otherwise specified in the
context of the respective project or event, the respective cooperation partners are independent
controllers for data processing. Further details on data processing by the cooperation partners can
be found in the privacy policies of the cooperation partners, which are specified in the context of the
respective project and event.
(vi) Archived image and sound recordings of the event and publications are not generally deleted. All
data relevant to contracts and bookings will be stored for a period of eight calendar years after the
end of the contract in accordance with tax and commercial law retention periods. Other data collected
in the context of the event will be deleted six months after the event has taken place.
(vii) Participation in projects and events is not possible without disclosing personal data.
6. Visiting our social media profilesTogg has profiles on social media platforms. The social media platforms are operated by service providers
who process the data for the provision of such sites.
The purpose of data processing on our social media profiles is to provide interesting content and interact
with visitors on social media platforms. Depending on the social media service, usage data may also be
analysed to improve our social media presence.
The data processed is content and usage data on the social media profiles.
Information and data displayed or shared on Togg's social media profiles may be accessible to the
respective operator of the social media platform, its users or commissioned service providers.
Further details on data processing are provided below:
Facebook:We and Meta Platforms Ireland Limited, 4 Grad Canal Square, Dublin 2, Ireland (hereinafter "Meta") as the
provider of Facebook are Joint Controllers for the processing of personal data via Togg's Facebook profile.
The Joint Controller Agreement is available at:
https://www.facebook.com/legal/terms/page_controller_addendum. In accordance with the agreement,
Meta is responsible for informing data subjects about the processing. Facebook's privacy policy is available
at:
https://de-de.facebook.com/privacy/policy/. Data subjects may exercise their rights against any of the
controllers, Togg and/or Meta. Further information about the data that Meta shares with Togg can be found
at
https://de-de.facebook.com/privacy/policy/. The legal basis for the processing of data by Meta is our
legitimate interest in analysing usage data to improve Togg's Facebook profile (Art. 6(1)(f) GDPR).
Instagram:We and Meta Platforms Ireland Limited, 4 Grad Canal Square, Dublin 2, Ireland (hereinafter referred to as
"Meta") as the provider of Instagram are Joint Controllers for the processing of personal data via Togg's
Instagram profile. The Joint Controller Agreement is available at:
https://www.facebook.com/legal/terms/page_controller_addendum. In accordance with the agreement,
Meta is responsible for informing data subjects about the processing. Instagram's privacy policy is available
at:
https://privacycenter.instagram.com/policy/. Data subjects may exercise their rights against any of the
controllers, Togg and/or Meta. Further information about the data that Meta shares with Togg can be found
at
https://privacycenter.instagram.com/policy/. The legal basis for the processing of data by Meta is our
legitimate interest in analysing usage data to improve Togg's Instagram profile (Art. 6(1)(f) GDPR).
X (formerly Twitter):We and X Corporation, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter "X") as
the provider of X are sole Controllers for the processing of personal data via Togg's X profile. The Controllerto-
Controller-Agreement is available at:
https://gdpr.x.com/en/controller-to-controller-transfers.html.. Data
subjects may exercise their rights against any of the controllers, Togg and/or X. Further information about
the data that X shares with Togg can be found at
https://twitter.com/de/privacy. The legal basis for the
processing of data by X is our legitimate interest in analysing usage data to improve Togg's X profile (Art.
6(1)(f) GDPR).
LinkedIn:We and LinkedIn Ireland Unlimited Company, Wilton Park House, Wilton Park, Dublin 2, Ireland (hereinafter
"LinkedIn"), as the provider of LinkedIn, are Joint Controllers for the processing of personal data via Togg's
LinkedIn profile. The Joint Controller Agreement is available at:
https://legal.linkedin.com/pages-joint-controller-addendum.
In accordance with the agreement, LinkedIn is responsible for informing data subjects
about the processing. LinkedIn's privacy policy is available at:
https://de.linkedin.com/legal/privacy-policy.
Data subjects may exercise their rights against any of the controllers, Togg and/or LinkedIn. Further
information about the data that LinkedIn shares with Togg can be found at
https://de.linkedin.com/legal/privacy-policy. The legal basis for the processing of data by LinkedIn is our
legitimate interest in analysing usage data to improve Togg's LinkedIn profile (Art. 6(1)(f) GDPR).
YouTube:We and Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland (hereinafter
"Google"), as the provider of YouTube, are sole controllers for the processing of personal data via Togg's
YouTube profile. The Controller Agreement is available at:
https://business.safety.google/controllerterms/.
Data subjects may exercise their rights against any of the controllers, Togg and/or Google. For more
information about the data that Google and Togg share, please visit
https://policies.google.com/privacy?hl=de. The legal basis for the processing of data by Google is our
legitimate interest in analysing usage data to improve Togg's YouTube profile (Art. 6 (1)(f) GDPR).
TikTok:We and TikTok Technology Limited, 10 Earlsfort Terrace, Dublin 2, Ireland (hereinafter "TikTok") as the
provider of TikTok are Joint Controllers for the processing of personal data via Togg's TikTok profile. The
Joint Controller Agreement is available at:
https://ads.tiktok.com/i18n/official/article?aid=300871706948451871 and
https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en.. In accordance with
the agreements, TikTok is responsible for informing data subjects about the processing. TikTok's privacy
policy is available at:
https://www.tiktok.com/legal/page/eea/privacy-policy/en. Data subjects may exercise
their rights against any of the controllers, Togg and/or TikTok. Further information about the data that TikTok
shares with Togg can be found at
https://www.tiktok.com/legal/page/eea/privacy-policy/en. The legal basis
for the processing of data by TikTok is our legitimate interest in analysing usage data to improve Togg's
TikTok profile (Art. 6 (1)(f) GDPR).
7. Rights of data subjects and further information(i) We do not use any methods of automated individual decision-making.
(ii) You have the right to request information at any time about all your personal data which we are
processing.
(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and
completed.
(iv) You can request the erasure of your personal data at any time, as long as we are not bound by
legal obligations that require or allow us to continue processing your data.
(v) If the applicable legal requirements are met, you can request a restriction to the processing of your
personal data.
(vi) You have the right to object to the processing, insofar as the data processing is based on profiling
or direct marketing purposes.
(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the
processing by stating reasons arising from your particular situation.
(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to
a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not
impaired.
(ix) If we process your data on the basis of a declaration of consent, you have the right to revoke this
consent at any time with future effect. The processing carried out prior to a revocation remains
unaffected by the revocation.
(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory
authority, if you believe that data processing has been carried out in violation of the applicable law.
Version: 5th September 2025
